Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Changing Oracle gid and uid?

Re: Changing Oracle gid and uid?

From: Mark Bole <>
Date: Wed, 05 Oct 2005 16:55:17 -0700
Message-ID: <>

David Sharples wrote:
> you would also have to reset the setuid permission on the oracle
> executable as it would be lost with a chown

Not so. chmod changes file permissions, not chown.

Marquez, Chris wrote:
> So when I use the nfs from servers dbA and dbB they see the files as
> owned by oracle, but from server dbC the files are owned by another
> user (the use with that uid in the local passwd / group file).
> And the opposite happens when pushing a file from dbC, when dbA and
> dbB look at it.
> What is my work-around?

 > The SA came up with the idea of changing Oracle's gid and uid on dbC.
 > I have been in this situation before, when someone broke oracle by
 > changing the oracle gid and uid, but I just changed it back to what 
is > was.

The SA's idea is correct. If someone else "broke oracle" it was by doing an incomplete job.

I have performed this same task under both Oracle 7 and Oracle 9, no relinking is required. In Unix, the file system only contains numeric UID and GID values, they only get converted to a name via lookup in /etc/passwd and /etc/group. (system calls getpwnam(), getpwuid(), getgrnam(), and getgrgid() perform this task).

Oracle software does not know or care anything about the numeric UID/GID, only the names. So the change is pretty easy, just like changing the description for a unique ID in a lookup table in the database.

Here is a sample scenario. Assumes new UID and GID are not already in use, of course.

        oracle change 101 => 103

        dba change 101 => 21

First, run pwck and grpck commands to clean up any problems with the respective files. Optional, but recommended (you'd be surprised what you might find).

# get "before" list of files to be changed for logging purposes find / -user oracle -exec ls -ld {} \; > /tmp/ora_owned_files.lst # find files which don't have DBA group, if any (shouldn't be any) find / -user oracle \! -group dba -exec ls -ld {} \; >> \


shut down all oracle software (confirm with "ps -fu oracle" command).

# make the change
find / -user oracle -exec chown 103:21 {} \;

# make backups using RCS or your favorite method cd /etc
ci -l passwd
ci -l group

# change lookups
vipw [...change oracle UID to 103, GID to 21] vi /etc/group [change dba GID to 21]

# re-run listing to check for consistency
# check output to see what's changed...should be the same as "before"
# listing

find / -user oracle -exec ls -ld {} \; > find / -user oracle \! -group dba -exec ls -ld {} \; >> \

           /tmp/ &

It might be a little slow, you can experiment with the recursive option of chown instead of using find. Or, instead of -exec option of 'find', pipe output to xargs command. Just be sure you handle symbolic links correctly. (Your SA should understand all of this, in case you don't).

Mark Bole

Received on Wed Oct 05 2005 - 18:58:07 CDT

Original text of this message